HP is concerned that the current WS-A specification creates a serious
security risk by providing a way to trick consumers of EPRs to send (and
potentially sign) headers that carry semantics they do not understand
and would not agree to send if they understood them. The specification
does not provide an adequate way for the EPR consumer to protect itself.
The wsa:isReferenceParamater attribute is not sufficient because:
- the schema of the header might not allow attribute extension
- there is no mechanism (like soap:MustUnderstand for headers) to
specify, in a way that all SOAP processors must understand, that this
attribute must be understood.
This problem is further discussed at [1] and solutions to this problem
have been proposed to the WG, including at [2].
[1]
http://h20276.www2.hp.com/blogs/vambenepe/2005/06/20/1119312469000.html
[2]
http://lists.w3.org/Archives/Public/public-ws-addressing/2004Nov/0474.ht
ml
Yin Leng